Re: Query on su command

Hi Ronny,

In your original message you said that you are running V5.1, but the ls -al of /usr/bin/su shows that you are running v5.1b. When you're asking for help we need to know the exact version, because many of the problems are version specific. I don't think that's the problem in your case, though.

The reason I asked about the su command is that someone could have replaced it with a program that does whatever they want, i.e. allow su without the password. Even though the /usr/bin/su command doesn't appear to have been tampered with, you should still search the system for another, just in case. Someone could have put an altered su program somewhere else in your users path and that could be the one being executed.

At this point we're looking for anything strange in the system setup that could have caused this behavior, and a hacked su command is one of the possibilities.

How did you check to make sure that the root account has a password? The password should appear in the prpasswd entry for root, not just the /etc/passwd file. You can check the prpasswd entry for root with the edauth command: edauth -g rootThere should be a u_pwd= field. Another way to check to see if the root account really has a password is to try to login as root instead of just su. Try:/usr/bin/login rootand just hit the Enter key instead of entering a password and see what happens.